The short of it is that WhatsApp does not have protections against internet traffic analysis at the scale of a nation state, so a national government can analyze internet traffic and determine with some degree of accuracy who received the packets that you sent. Some WhatsApp employees have speculated that this might be being used by Israel to choose targets in Gaza, but it sounds like we have zero evidence that this is actually the case.
If you're a dissident, then you should be aware that just because the contents of your messages are encrypted, that doesn't mean the source and destination can't be determined.
If you're a WhatsApp employee who cares about protecting dissidents, then it would be worth exploring what WhatsApp can do to mitigate this risk.
But if you're a random citizen in a stable country, this is not evidence of bad behavior on WhatsApp's part or of them failing to do enough to live up to their promises. This kind of "vulnerability" is extremely hard to defend against, and while it's admirable that some WhatsApp employees are lobbying internally to take it on, it's not newsworthy that they haven't solved it yet.
Will here from WhatsApp. Really agree with this comment.
What this article is really about is a long-known issue that affects all internet traffic, not a vulnerability in WhatsApp, and the article risks a ton of confusion for people who rely on end-to-end encryption.
We debate possible or emerging threats internally - sometimes quite energetically - because that’s how we find ways to add even more security to WhatsApp.
And we continue to ship advanced security features or improvements. For example, last year we introduced call relaying to mask IP address between calls, and we’ve also added an option to disable link previews as part of a series of advanced privacy settings.
We have a strong track record of being loud when we find issues and working to hold bad actors accountable, and that’s what we’ll continue to do.
>>> The vulnerability is based on “traffic analysis,” a decades-old network-monitoring technique, and relies on surveying internet traffic at a massive national scale. The document makes clear that WhatsApp isn’t the only messaging platform susceptible
Seems like Meta's engineers are just being proactive here, raising a concern.
If iMessage were the most dominant platform in Israel, then the same would apply for it too.